Modeling the side-channel attacks in data deduplication with game theory

The cross-user data deduplication improves disk space efficiency of cloud storage by keeping only one copy of same files among all service users. As a result, the cloud storage service is able to offer a considerable amount of storage at an attractive price. Therefore, people begin to use cloud storage such as Dropbox and Google Drive not only as data backup but also as their primary storage for everyday usage. However, the cross-user data deduplication also rises data privacy concerns. A side-channel attack called “confirmation-of-a-file” and its variant “learn-the-remaining-information” breach the user data privacy through observing the deduplication operation of the cloud storage server. These attacks allow malicious users to pinpoint specific files if they exist in the cloud. The existing solutions sacrifice either the network bandwidth efficiency or the storage efficiency to defend the side-channel attacks without analyzing the defensive cost from the standpoint of cloud storage providers. Because profit is the key factor that motivates cloud service providers, the question that how to defend the side-channel attacks efficiently in terms of cost is not only important but also practical. However, this question remains unanswered. In this paper, we try to address this problem using game theory. We model the interaction between the attacker and the defender, i.e., the cloud storage server, using a game-theoretic framework. Our framework captures underlying complexity of the side-channel attack problem under several practical assumptions. We prove there exists a unique solution of the problem, i.e., a mixed-strategy Nash equilibrium. Our simulation results show the efficiency of our scheme.

[1]  T. Başar,et al.  An Intrusion Detection Game with Limited Observations , 2005 .

[2]  Daehee Kim,et al.  SAFE: Structure-aware file and email deduplication for cloud-based storage systems , 2013, 2013 IEEE 2nd International Conference on Cloud Networking (CloudNet).

[3]  Yonggang Wen,et al.  Private data deduplication protocols in cloud storage , 2012, SAC '12.

[4]  O. H. Brownlee,et al.  ACTIVITY ANALYSIS OF PRODUCTION AND ALLOCATION , 1952 .

[5]  Ari Juels,et al.  Pors: proofs of retrievability for large files , 2007, CCS '07.

[6]  Svein J. Knapskog,et al.  On Stochastic Modeling for Integrated Security and Dependability Evaluation , 2006, J. Networks.

[7]  J. Nash Equilibrium Points in N-Person Games. , 1950, Proceedings of the National Academy of Sciences of the United States of America.

[8]  Sean Quinlan,et al.  Venti: A New Approach to Archival Storage , 2002, FAST.

[9]  Darrell D. E. Long,et al.  Secure data deduplication , 2008, StorageSS '08.

[10]  Harikesh Pandey,et al.  Secure and Constant Cost Public Cloud Storage Auditing with Deduplication , 2017 .

[11]  Marvin Theimer,et al.  Reclaiming space from duplicate files in a serverless distributed file system , 2002, Proceedings 22nd International Conference on Distributed Computing Systems.

[12]  Alessandro Sorniotti,et al.  A Secure Data Deduplication Scheme for Cloud Storage , 2014, Financial Cryptography.

[13]  Christophe Clavier,et al.  Differential Power Analysis in the Presence of Hardware Countermeasures , 2000, CHES.

[14]  S. Kakutani A generalization of Brouwer’s fixed point theorem , 1941 .

[15]  J. yon Neumann A GENERALIZATION OF BROUWERS FIXED POINT THEOREM BY SHIZUO IAKUTANI , .

[16]  Quanyan Zhu,et al.  Game theory meets network security and privacy , 2013, CSUR.

[17]  Mihir Bellare,et al.  Message-Locked Encryption and Secure Deduplication , 2013, EUROCRYPT.

[18]  Benny Pinkas,et al.  Side Channels in Cloud Services: Deduplication in Cloud Storage , 2010, IEEE Security & Privacy.

[19]  Jun Zhang,et al.  Security Patch Management: Share the Burden or Share the Damage? , 2008, Manag. Sci..

[20]  Benny Pinkas,et al.  Proofs of ownership in remote storage systems , 2011, CCS '11.

[21]  Christoph Neumann,et al.  Improving the Resistance to Side-Channel Attacks on Cloud Storage Services , 2012, 2012 5th International Conference on New Technologies, Mobility and Security (NTMS).

[22]  Shmuel Tomi Klein,et al.  The design of a similarity based deduplication system , 2009, SYSTOR '09.

[23]  Paul C. Kocher,et al.  Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[24]  Tansu Alpcan,et al.  Security games for vehicular networks , 2008, 2008 46th Annual Allerton Conference on Communication, Control, and Computing.

[25]  Ari Juels,et al.  Proofs of retrievability: theory and implementation , 2009, CCSW '09.

[26]  Roberto Di Pietro,et al.  Boosting efficiency and security in proof of ownership for deduplication , 2012, ASIACCS '12.

[27]  William J. Bolosky,et al.  Single instance storage in Windows® 2000 , 2000 .